ansible-role-base-server/tasks/main.yml

---
# Copyright 2020 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Create groups
  group:
    name: "{{ item }}"
    state: present
  become: true
  loop: "{{ base_server_groups }}"

- name: Create users
  user:
    name: "{{ item.name }}"
    groups: "{{ item.groups }}"
    shell: "{{ item.shell | default('/bin/bash') }}"
    state: "{{ item.state | default(omit) }}"
  become: true
  with_items: "{{ base_server_users }}"

- name: Setup authorized keys
  authorized_key:
    user: "{{ item.name }}"
    key: "{{ item.public_key }}"
    state: "{{ item.state | default(omit) }}"
  become: true
  with_items: "{{ base_server_users }}"

- name: Import APT keys
  apt_key:
    id: "{{ item.id }}"
    url: "{{ item.url }}"
    state: "{{ item.state | default(omit) }}"
  become: true
  when: ansible_os_family == "Debian"
  loop: "{{ base_server_apt_keys }}"

- name: Add APT repositories
  apt_repository:
    repo: "{{ item.url }}"
    filename: "{{ item.filename }}"
    state: "{{ item.state | default(omit) }}"
  become: true
  when: ansible_os_family == "Debian"
  with_items: "{{ base_server_apt_repositories }}"

- name: Switch to legacy iptables
  alternatives:
    name: "{{ item }}"
    link: "/usr/sbin/{{ item }}"
    path: "/usr/sbin/{{ item }}-legacy"
  become: true
  when: ansible_os_family == "Debian"
  loop:
    - iptables
    - ip6tables